USN-3163-1: NSS vulnerabilities
USN-3163-1: NSS vulnerabilities Ubuntu Security Notice USN-3163-1 4th January, 2017 nss vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in NSS. Software description nss – Network Security Service library Details It was discovered that NSS incorrectly handled certain invalidDiffie-Hellman keys. A remote attacker could possibly use this flaw tocause NSS to crash, resulting in a denial of service. This issue onlyapplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.(CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman clientkey exchanges. A remote attacker could possibly use this flaw to perform asmall subgroup confinement attack and recover private keys. This issue onlyapplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.(CVE-2016-8635) Franziskus Kiefer discovered that [ more… ]